Take Two Aspirin and Text Me in the Morning: Will healthcare technology implementations raise new privacy concerns?

A new HIPAA compliant texting app is in beta testing at about 80
hospitals around the US right now. It is secure, traceable, encrypted and
recorded. In other words, the HIPAA aspects are all covered so physicians who
use texting as a means of communication are no longer breaking the rules. But what about human error?

I love technology. I've made information technology my career. Technology
touches nearly every part of my life. And, as I've said before, I am a
technical early adopter.I’m in favor of
technical progress, new innovations, and using technology in as many ways as is
possible to improve my life and work. Despite popular belief, a lot of doctors,
clinicians, and nurses are too.

I’m also as addicted to texting as anyone out there (OK, middle school
kids might have one up on me) and I use it as a primary method of
communication.

For those of you who know the feeling, you also know the feeling of
sending the wrong text to the wrong person occasionally. What's to prevent a
doctor, nurse, or a medical assistant from sending your information to another
person via text?

Medical records are not always pristine. I have a colleague whose
medical records are actually mixed with another person of the same name,
stating he has ailments and a prescription regimen he is not actually on, and
who receives mail for Medicare insurance despite the fact that he is in his
40's. That's an entirely different matter for later discussion, but it does
have relevance.

If it can happen in the back office of a healthcare organization, it
can certainly happen via text.

I can understand the need for instantaneous communication within a healthcare organization and can understand the benefits. The worst case scenario is that a texting app along with human error sends my information to the wrong department or doctor within an HCO. My information is not publicly compromised.

My concern is that human error via texts intended for me could do just that.

I’m sure technology providers and HCO's will secure my data with unique ID's
such as a SSN, patient number, or something similar, but that’s only as good as
the human doing the texting. I am sure mistakes aren't commonplace but, through
my experiences working with technology and in healthcare IT staffing, they do
happen on nearly every level of every organization.

A famous quote from Alexander Pope states, 'To err is human; to forgive, divine.'

On the surface I love the idea of texts from my doctor. Who wouldn't
want information or test results as soon as they come in? I love the idea until
the doctor sends it to my wife, or child, or mother by accident because they have
the same last name, or initials.

I don't know how many people would forgive a mistake such as leaking
private medical information in today's litigious society.

Perhaps a safer method would be that the texting is not actually sent by a human at all. Rather; it’s
an integration into the EMR product that then sends out the texts to the phone
number on file.

Unfortunately, although more secure, this brings up two other problems:

My phone
number on record is wrong at two different doctor's offices I've visited in the in the last year alone due to moving; which
means that whomever has my old number would receive my medical information.

I often give my phone to a friend or relative to play a game, look at pictures,
or hop on the web.A big text box popping up
with an image of my MRI results isn’t exactly information I want shared.

We discuss data security and healthcare in these blogs frequently and, I’m
sorry but, unless there is a way (and maybe there is) that text providers can
ensure texts are going to the right person; 100% of the time, without fail; this
seems like a disaster waiting to happen.

I think I may have an alternate solution to reduce the chances of human error.

The large EMR vendors could develop a healthcare app for smart phones that ties into your electronic medical record for which you would have a secure login with a password and username that can't be stored. You can
see the information as it gets put into your electronic records. It would be as simple as checking on your bank account online.You could
sign up for instant notifications that alert you a new message has arrived, instead of sending the
confidential information.

Regardless of the technology, employees at every level of healthcare organizations are craving a solution. Beta testing is just that: testing. Just because it works does not make it as functional and secure as it can be. We would be wise to make sure we have this right before a widespread beta roll-out turns out to be very wrong as a result of our desire to have the products now.